[00:19.980 --> 00:27.360]  So, the Department of Defense, historically, has operated cyber security through obscurity.
[00:27.360 --> 00:31.400]  And that is a culture that we're trying to change.
[00:31.400 --> 00:36.960]  So, we're getting outside of our fence lines and involving communities that can help us,
[00:36.960 --> 00:40.780]  like DEF CON, to see if we need to up our game in cyber.
[00:40.780 --> 00:44.980]  We need more security researchers in the industry. We need the existing security researchers that
[00:45.740 --> 00:50.840]  are out there to connect with the space and aerospace community.
[00:50.920 --> 00:56.400]  And it isn't enough to have them come in after the fact and to do a security assessment at the end.
[00:56.400 --> 01:00.100]  We need the researchers to be a part of the development team and include them
[01:00.100 --> 01:02.480]  within the entire lifecycle of these systems.
[01:07.620 --> 01:13.400]  Welcome to Space Security Challenge 2020, HackASAT, the final event.
[01:13.400 --> 01:18.820]  As the democratization of space opens up a new frontier for exploration and innovation,
[01:18.820 --> 01:22.440]  we see new cyber security vulnerabilities emerging.
[01:23.420 --> 01:28.240]  The Space Security Challenge is designed to inspire the world's top cyber security talent
[01:28.240 --> 01:35.200]  to develop the skills necessary to secure this last frontier of cyber security, space.
[01:40.980 --> 01:45.760]  Every federally funded lab is charted with the mission of technology transfer.
[01:45.760 --> 01:49.300]  Technology transfer is all about taking government-owned intellectual property
[01:49.300 --> 01:53.900]  and transferring it to the public domain. The Air Force Research Lab and our charter
[01:53.900 --> 01:58.620]  to perform tech transfer put us in the best position to lead this effort.
[01:58.940 --> 02:02.700]  But first, we had to overcome the monumental task of convincing people
[02:02.700 --> 02:07.860]  that hacking a satellite was actually a good thing to do in the name of improving space security.
[02:07.860 --> 02:11.660]  But we persevered and our mission fueled the creation of what we called
[02:11.660 --> 02:14.380]  the Space Security Challenge 2020, HackASAT.
[02:17.800 --> 02:22.300]  At the heart of it, we needed to create a community where one didn't currently exist.
[02:22.300 --> 02:26.740]  And we wanted to leverage the challenge model because we've learned a lot from DARPA
[02:26.740 --> 02:31.440]  and they've been very successful at creating communities through challenges.
[02:31.460 --> 02:38.020]  And so DARPA created this challenge back in like 2004, bringing together the AI industry,
[02:38.020 --> 02:44.120]  the sensor industry or community, and also the automotive industry to formulate a challenge
[02:44.120 --> 02:48.060]  to improve the security of the automotive industry leveraging AI.
[02:48.060 --> 02:55.640]  Now you fast forward 15 years, we have a fully functioning industry of autonomous vehicles.
[02:55.820 --> 03:00.000]  And that's ultimately where we're going with Space Security Challenge HackASAT.
[03:00.000 --> 03:05.120]  We want to build trust and security into our space systems.
[03:05.240 --> 03:07.800]  So we needed to get the attention of the hacker community.
[03:07.800 --> 03:11.880]  And we're not typically as the Air Force and now Space Force,
[03:11.880 --> 03:16.180]  we're not trying to do outreach to the hacker community.
[03:16.180 --> 03:18.660]  So we had a new unique challenge on our hands.
[03:18.660 --> 03:26.400]  We also needed to get the attention of policymakers and the general public and industry.
[03:26.400 --> 03:30.960]  We needed people to care about this because it affects all of us.
[03:31.180 --> 03:32.880]  And then the pandemic hit.
[03:32.960 --> 03:35.660]  And all of our plans to run the finals at DEF CON,
[03:35.660 --> 03:39.620]  with the building audience of tens of thousands that DEF CON attracts, shattered.
[03:39.780 --> 03:40.820]  So we pivoted.
[03:44.130 --> 03:47.210]  So we needed to figure out a way to hold finals virtually
[03:47.210 --> 03:50.810]  and still achieve our goal of cultivating a research community.
[03:50.810 --> 03:55.590]  And it became apparent that this pivot to virtual was actually more of an opportunity.
[03:55.630 --> 04:01.210]  It was an opportunity to reach people who wouldn't have normally been able to travel to DEF CON.
[04:01.210 --> 04:06.950]  But there were huge challenges associated with this for both the competitors and the spectators.
[04:06.950 --> 04:12.690]  So in July, we shipped each team leader a flat sat, which came with an air bearing.
[04:12.690 --> 04:16.870]  What the teams could do is they could put their flat sat on top of the air bearings,
[04:16.870 --> 04:21.670]  and then they could use the attitude control system in the flat sat to be able to rotate
[04:21.670 --> 04:26.150]  the flat sat to kind of emulate what it would be like if they were in space.
[04:26.150 --> 04:32.350]  But with COVID, what we didn't anticipate were the global shipping timelines.
[04:32.650 --> 04:35.990]  Two of our teams didn't get their flat sats until later.
[04:36.030 --> 04:38.570]  In fact, the third place team, Flux Repeat Rocket,
[04:38.570 --> 04:44.130]  didn't even receive their flat sat until the morning of the competition on August 7th.
[04:44.130 --> 04:45.710]  That was a real nail biter.
[04:46.370 --> 04:49.670]  Then there were the spectators. After all, the world is watching now.
[04:49.670 --> 04:54.650]  We needed to be able to give people all over the world a way to feel like they were part of the
[04:54.650 --> 05:00.610]  action. So we built this fully immersive 3D environment for spectators to explore
[05:01.230 --> 05:06.090]  and watch the competition. We did our best to give it a DEF CON feel so that people really
[05:06.090 --> 05:10.810]  felt like they were still part of that environment that we worked so hard to be part of.
[05:10.810 --> 05:16.070]  And so as part of this environment, we created this extensive library of content and videos.
[05:16.090 --> 05:20.790]  And so all of the content that we created on HackASAT, as well as all of the videos that
[05:20.790 --> 05:25.470]  were created, are available on our GitHub page and our YouTube channel,
[05:25.470 --> 05:29.990]  and where you can access that information and continue to learn about hacking, cyber, and space.
[05:36.410 --> 05:40.930]  The scenario was based around a mock stolen satellite.
[05:40.930 --> 05:45.130]  Once the teams were on the satellite, the remaining challenges had to do with removing
[05:45.130 --> 05:50.670]  the presence of the malicious actor that was on that satellite, orient it so that they could then
[05:50.670 --> 05:55.810]  use the imager to take a photo of the moon that we had set up inside of the facility where the
[05:55.810 --> 06:02.050]  flatsats were all located. The other part of the challenge, the teams were tasked with coming up
[06:02.050 --> 06:07.510]  with a command set that would point an actual satellite at the actual moon. Teams were given
[06:07.630 --> 06:12.590]  a very limited amount of time to accomplish that goal, and one of them was able to successfully
[06:12.590 --> 06:17.390]  take a photo of the moon using that command set. We're going to answer the question as to which
[06:17.390 --> 06:23.010]  team had their code sent into space tonight. Congrats to Team Poland Can into Space for
[06:23.010 --> 06:28.590]  submitting not only the best solution overall throughout the whole evaluation period, but the
[06:28.590 --> 06:33.150]  solution that is going to space. We expect the moonshot to happen in a couple of hours at 630
[06:33.150 --> 06:39.150]  pacific, and that picture will be sent down to earth at about 1am pacific. There will be people
[06:39.150 --> 06:44.450]  who are hacking satellites, and so by having the federal government structure this in a nice,
[06:44.450 --> 06:49.530]  organized, and safe way, we can do it without getting in any trouble, and they can get the
[06:49.530 --> 06:54.270]  results and the understanding that they need from an attacker's perspective. Having the ability to
[06:54.270 --> 06:58.910]  approach something with the mindset of, you know, how could I break this, always helps you understand
[06:58.910 --> 07:04.430]  how a system works better. It's something we all as a community have to be thinking about.
[07:04.690 --> 07:09.570]  And the security community wants to be a part of that. They would like to be involved with
[07:09.570 --> 07:14.470]  these systems, would like to secure these systems, would like to learn more about these systems,
[07:14.470 --> 07:21.370]  so openness and transparency, and getting access to more of these systems going forward.
[07:21.650 --> 07:25.930]  And we need the space community, the aerospace community, to be open and available
[07:25.930 --> 07:31.350]  and receptive to that. And that's what we were trying to accomplish with Hack-A-Sat, put on a
[07:31.350 --> 07:35.530]  game that brought those two communities together and raised that awareness. And I think we did a
[07:35.530 --> 07:42.950]  good job of that. Now we hand the ball off, maybe, to the aerospace community to take that over.
[07:42.950 --> 07:48.430]  So the direction I think we're going, that we ought to go, is fully embracing the hacker
[07:48.430 --> 07:54.790]  community at DEFCON, and not waiting till systems are built to create opportunities to learn and
[07:54.790 --> 08:01.110]  help us learn, help us make them more secure before we're producing them. The systems we build
[08:01.110 --> 08:05.690]  are unique. They have some pretty amazing technology in them, and I think the opportunity
[08:05.690 --> 08:11.750]  for the hacker community to get new hands-on experience would also be really energizing and
[08:11.750 --> 08:18.350]  cool. So events like Hack-A-Sat are awesome live events, but the relationship and continuing it
[08:18.350 --> 08:23.650]  across a broader set of opportunities is what's more exciting. A year ago, hacking a satellite
[08:23.650 --> 08:31.250]  felt pretty hard, but we're there now. You know, we aren't what you expect, and we do really, really
[08:31.250 --> 08:40.410]  cool things. Last thing, thanks for joining us. The future of space security depends on the work
[08:40.410 --> 08:42.050]  we're doing together.
